X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fconnections.cgi;h=9c5756939b19e4cf215774b20660fa010e77666f;hp=8fe8f8aa9af7a22b922bb8921860965d25f94565;hb=5433e2c950a4429da23d18cf49d5da07e1714b5c;hpb=cd1a2927226c734d96478e12bb768256fb64a06a diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 8fe8f8aa9a..9c5756939b 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -1,329 +1,542 @@ -#!/usr/bin/perl -# -# (c) 2001 Jack Beglinger -# -# (c) 2003 Dave Roberts - colour coded netfilter/iptables rewrite for 1.3 -# -# $Id: connections.cgi,v 1.6.2.11 2005/02/24 07:44:35 gespinasse Exp $ -# - -# Setup GREEN, ORANGE, IPCOP, VPN CIDR networks, masklengths and colours only once - -my @network=(); -my @masklen=(); -my @colour=(); - -use Net::IPv4Addr qw( :all ); - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require 'CONFIG_ROOT/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table1colour} ); -undef (@dummy); - -# Read various files - -my %netsettings=(); -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -open (ACTIVE, "/proc/net/ip_conntrack") or die 'Unable to open ip_conntrack'; -my @active = ; -close (ACTIVE); - -my @vpn = ('none'); -open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = ; close (ACTIVE); - -my $aliasfile = "${General::swroot}/ethernet/aliases"; -open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; -my @aliases = ; -close(ALIASES); - -# Add Green Firewall Interface -push(@network, $netsettings{'GREEN_ADDRESS'}); -push(@masklen, "255.255.255.255" ); -push(@colour, ${Header::colourfw} ); - -# Add Green Network to Array -push(@network, $netsettings{'GREEN_NETADDRESS'}); -push(@masklen, $netsettings{'GREEN_NETMASK'} ); -push(@colour, ${Header::colourgreen} ); - -# Add Green Routes to Array -my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; -foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourgreen} ); -} - -# Add Firewall Localhost 127.0.0.1 -push(@network, '127.0.0.1'); -push(@masklen, '255.255.255.255' ); -push(@colour, ${Header::colourfw} ); - -# Add Orange Network -if ($netsettings{'ORANGE_DEV'}) { - push(@network, $netsettings{'ORANGE_NETADDRESS'}); - push(@masklen, $netsettings{'ORANGE_NETMASK'} ); - push(@colour, ${Header::colourorange} ); - # Add Orange Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourorange} ); - } -} - -# Add Blue Network -if ($netsettings{'BLUE_DEV'}) { - push(@network, $netsettings{'BLUE_NETADDRESS'}); - push(@masklen, $netsettings{'BLUE_NETMASK'} ); - push(@colour, ${Header::colourblue} ); - # Add Blue Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourblue} ); - } -} - -# Add STATIC RED aliases -if ($netsettings{'RED_DEV'}) { - # We have a RED eth iface - if ($netsettings{'RED_TYPE'} eq 'STATIC') { - # We have a STATIC RED eth iface - foreach my $line (@aliases) - { - chomp($line); - my @temp = split(/\,/,$line); - if ( $temp[0] ) { - push(@network, $temp[0]); - push(@masklen, $netsettings{'RED_NETMASK'} ); - push(@colour, ${Header::colourfw} ); - } - } - } -} - -# Add VPNs -if ( $vpn[0] ne 'none' ) { - foreach my $line (@vpn) { - my @temp = split(/[\t ]+/,$line); - my @temp1 = split(/[\/:]+/,$temp[3]); - push(@network, $temp1[0]); - push(@masklen, ipv4_cidr2msk($temp1[1])); - push(@colour, ${Header::colourvpn} ); - } -} -if (open(IP, "${General::swroot}/red/local-ipaddress")) { - my $redip = ; - close(IP); - chomp $redip; - push(@network, $redip); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourfw} ); -} - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'connections'}, 1, ''); -&Header::openbigbox('100%', 'left'); -&Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); - -print < -$Lang::tr{'legend'} : - $Lang::tr{'lan'} - $Lang::tr{'internet'} - $Lang::tr{'dmz'} - $Lang::tr{'wireless'} - IPCop - $Lang::tr{'vpn'} - - -
- - - - - - - - - - - -END -; - -foreach my $line (@active) -{ - my $protocol=''; - my $expires=''; - my $connstatus=''; - my $orgsip=''; - my $orgdip=''; - my $orgsp=''; - my $orgdp=''; - my $exsip=''; - my $exdip=''; - my $exsp=''; - my $exdp=''; - my $marked=''; - my $use=''; - my $orgsipcolour=''; - my $orgdipcolour=''; - my $exsipcolour=''; - my $exdipcolour=''; - - chomp($line); - my @temp = split(' ',$line); - print "\n"; - if ($temp[0] eq 'udp') { - my $offset = 0; - $marked = ''; - $protocol = $temp[0] . " (" . $temp[1] . ")"; - $expires = $temp[2]; - $connstatus = ' '; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = substr $temp[5], 6; - $orgdp = substr $temp[6], 6; - if ($temp[7] eq '[UNREPLIED]') { - $marked = $temp[7]; - $offset = 1; - } - else { - $connstatus = ' '; - } - - $exsip = substr $temp[7 + $offset], 4; - $exdip = substr $temp[8 + $offset], 4; - $exsp = substr $temp[9 + $offset], 6; - $exdp = substr $temp[10 + $offset], 6; - if ($marked eq '[UNREPLIED]') { - $use = substr $temp[11 + $offset], 4; - } - else { - $marked = $temp[11 + $offset]; - $use = substr $marked, 0, 3; - if ($use eq 'use' ) { - $marked = ''; - $use = substr $temp[11 + $offset], 4; - } - else { - $use = substr $temp[12 + $offset], 4; - } - } - } - if ($temp[0] eq 'tcp') { - my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . ")"; - $expires = $temp[2]; - $connstatus = $temp[3]; - $orgsip = substr $temp[4], 4; - $orgdip = substr $temp[5], 4; - $orgsp = substr $temp[6], 6; - $orgdp = substr $temp[7], 6; - if ($temp[8] eq '[UNREPLIED]') { - $marked = $temp[8]; - $offset = 1; - $use = substr $temp[13], 4; - } - else { - $marked = $temp[12]; - $use = substr $temp[13], 4; - } - - $exsip = substr $temp[8 + $offset], 4; - $exdip = substr $temp[9 + $offset], 4; - $exsp = substr $temp[10 + $offset], 6; - $exdp = substr $temp[11 + $offset], 6; - } - if ($temp[0] eq 'unknown') { - my $offset = 0; - $protocol = "??? (" . $temp[1] . ")"; - $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50); - $protocol = " ah (" . $temp[1] . ")" if ($temp[1] == 51); - $expires = $temp[2]; - $connstatus = ' '; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = ' '; - $orgdp = ' '; - $exsip = substr $temp[5], 4; - $exdip = substr $temp[6], 4; - $exsp = ' '; - $exdp = ' '; - $marked = ' '; - $use = ' '; - } - if ($temp[0] eq 'gre') { - my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . ")"; - $expires = $temp[2]; - $orgsip = substr $temp[5], 4; - $orgdip = substr $temp[6], 4; - $orgsp = ' '; - $orgdp = ' '; - $exsip = substr $temp[11], 4; - $exdip = substr $temp[12], 4; - $exsp = ' '; - $exdp = ' '; - $marked = $temp[17]; - $use = $temp[18]; - } - $orgsipcolour = &ipcolour($orgsip); - $orgdipcolour = &ipcolour($orgdip); - $exsipcolour = &ipcolour($exsip); - $exdipcolour = &ipcolour($exdip); - print <$protocol - - - - - - - - -END - ; -} -print "
$Lang::tr{'protocol'}$Lang::tr{'expires'}
($Lang::tr{'seconds'})		$Lang::tr{'connection'}
$Lang::tr{'status'}		$Lang::tr{'original'}
$Lang::tr{'source ip and port'}		$Lang::tr{'original'}
$Lang::tr{'dest ip and port'}		$Lang::tr{'expected'}
$Lang::tr{'source ip and port'}		$Lang::tr{'expected'}
$Lang::tr{'dest ip and port'}		$Lang::tr{'marked'}$Lang::tr{'use'}
$expires$connstatus$orgsip:$orgsp$orgdip:$orgdp$exsip:$exsp$exdip:$exdp$marked$use
\n"; - -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - -sub ipcolour($) { - my $id = 0; - my $line; - my $colour = ${Header::colourred}; - my ($ip) = $_[0]; - my $found = 0; - foreach $line (@network) - { - if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { - $found = 1; - $colour = $colour[$id]; - } - $id++; - } - return $colour -} +#!/usr/bin/perl +# +# (c) 2001 Jack Beglinger +# +# (c) 2003 Dave Roberts - colour coded netfilter/iptables rewrite for 1.3 +# +# (c) 2006 Franck - add sorting+filtering capability +# + +# Setup GREEN, ORANGE, IPFIRE, VPN CIDR networks, masklengths and colours only once + +my @network=(); +my @masklen=(); +my @colour=(); + +use Net::IPv4Addr qw( :all ); + +use strict; + +# enable only the following on debugging purpose +use warnings; +use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::table1colour} ); +undef (@dummy); + +# Read various files + +my %netsettings=(); +&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); + +open (ACTIVE, "/proc/net/ip_conntrack") or die 'Unable to open ip_conntrack'; +my @active = ; +close (ACTIVE); + +my @vpn = ('none'); +open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = ; +close (ACTIVE); + +my $aliasfile = "${General::swroot}/ethernet/aliases"; +open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; +my @aliases = ; +close(ALIASES); + +# Add Green Firewall Interface +push(@network, $netsettings{'GREEN_ADDRESS'}); +push(@masklen, "255.255.255.255" ); +push(@colour, ${Header::colourfw} ); + +# Add Green Network to Array +push(@network, $netsettings{'GREEN_NETADDRESS'}); +push(@masklen, $netsettings{'GREEN_NETMASK'} ); +push(@colour, ${Header::colourgreen} ); + +# Add Green Routes to Array +my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; +foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourgreen} ); +} + +# Add Firewall Localhost 127.0.0.1 +push(@network, '127.0.0.1'); +push(@masklen, '255.255.255.255' ); +push(@colour, ${Header::colourfw} ); + +# Add Orange Network +if ($netsettings{'ORANGE_DEV'}) { + push(@network, $netsettings{'ORANGE_NETADDRESS'}); + push(@masklen, $netsettings{'ORANGE_NETMASK'} ); + push(@colour, ${Header::colourorange} ); + # Add Orange Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourorange} ); + } +} + +# Add Blue Network +if ($netsettings{'BLUE_DEV'}) { + push(@network, $netsettings{'BLUE_NETADDRESS'}); + push(@masklen, $netsettings{'BLUE_NETMASK'} ); + push(@colour, ${Header::colourblue} ); + # Add Blue Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourblue} ); + } +} + +# Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate) +if (-e "${General::swroot}/ovpn/settings") { + my %ovpnsettings = (); + &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); + my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'}); + + # add OpenVPN net + push(@network, $tempovpnsubnet[0]); + push(@masklen, $tempovpnsubnet[1]); + push(@colour, ${Header::colourovpn} ); + + if ( ($ovpnsettings{'ENABLED'} eq 'on') && open(IP, "${General::swroot}/red/local-ipaddress") ) { + # add RED:port / proto + my $redip = ; + close(IP); + chomp $redip; + push(@network, $redip ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn} ); + } + if ( ($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'} ) { + # add BLUE:port / proto + push(@network, $netsettings{'BLUE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn} ); + } + if ( ($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'} ) { + # add ORANGE:port / proto + push(@network, $netsettings{'ORANGE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn} ); + } +} + +# Add STATIC RED aliases +if ($netsettings{'RED_DEV'}) { + # We have a RED eth iface + if ($netsettings{'RED_TYPE'} eq 'STATIC') { + # We have a STATIC RED eth iface + foreach my $line (@aliases) + { + chomp($line); + my @temp = split(/\,/,$line); + if ( $temp[0] ) { + push(@network, $temp[0]); + push(@masklen, $netsettings{'RED_NETMASK'} ); + push(@colour, ${Header::colourfw} ); + } + } + } +} + +# Add VPNs +if ( $vpn[0] ne 'none' ) { + foreach my $line (@vpn) { + my @temp = split(/[\t ]+/,$line); + my @temp1 = split(/[\/:]+/,$temp[3]); + push(@network, $temp1[0]); + push(@masklen, ipv4_cidr2msk($temp1[1])); + push(@colour, ${Header::colourvpn} ); + } +} +if (open(IP, "${General::swroot}/red/local-ipaddress")) { + my $redip = ; + close(IP); + chomp $redip; + push(@network, $redip); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourfw} ); +} + + +#Establish simple filtering&sorting boxes on top of table + +our %cgiparams; +&Header::getcgihash(\%cgiparams); + +my @list_proto = ($Lang::tr{'all'}, 'icmp', 'udp', 'tcp'); +my @list_state = ($Lang::tr{'all'}, 'SYN_SENT', 'SYN_RECV', 'ESTABLISHED', 'FIN_WAIT', + 'CLOSE_WAIT', 'LAST_ACK', 'TIME_WAIT', 'CLOSE', 'LISTEN'); +my @list_mark = ($Lang::tr{'all'}, '[ASSURED]', '[UNREPLIED]'); +my @list_sort = ('orgsip','protocol', 'expires', 'status', 'orgdip', 'orgsp', + 'orgdp', 'exsip', 'exdip', 'exsp', 'exdp', 'marked'); + +# init or silently correct unknown value... +if ( ! grep ( /^$cgiparams{'SEE_PROTO'}$/ , @list_proto )) { $cgiparams{'SEE_PROTO'} = $list_proto[0] }; +if ( ! grep ( /^$cgiparams{'SEE_STATE'}$/ , @list_state )) { $cgiparams{'SEE_STATE'} = $list_state[0] }; +if ( ($cgiparams{'SEE_MARK'} ne $Lang::tr{'all'}) && # ok the grep should work but it doesn't because of + ($cgiparams{'SEE_MARK'} ne '[ASSURED]') && # the '[' & ']' interpreted as list separator. + ($cgiparams{'SEE_MARK'} ne '[UNREPLIED]') # So, explicitly enumerate items. + ) { $cgiparams{'SEE_MARK'} = $list_mark[0] }; +if ( ! grep ( /^$cgiparams{'SEE_SORT'}$/ , @list_sort )) { $cgiparams{'SEE_SORT'} = $list_sort[0] }; +# *.*.*.* or a valid IP +if ( $cgiparams{'SEE_SRC'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_SRC'} = '*.*.*.*' }; +if ( $cgiparams{'SEE_DEST'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_DEST'} = '*.*.*.*' }; + + +our %entries = (); # will hold the lines analyzed correctly +my $unknownlines = ''; # should be empty all the time... +my $index = 0; # just a counter to make unique entryies in entries + +foreach my $line (@active) { + my $protocol=''; + my $expires=''; + my $status=''; + my $orgsip=''; + my $orgdip=''; + my $orgsp=''; + my $orgdp=''; + my $exsip=''; + my $exdip=''; + my $exsp=''; + my $exdp=''; + my $marked=''; + my $use=''; + + chomp($line); + my @temp = split(' ',$line); + + if ($temp[0] eq 'icmp') { + $protocol = $temp[0]; + $status = $Lang::tr{'all'}; + $orgsip = substr $temp[3], 4; + $orgdip = substr $temp[4], 4; + $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' '; + } + if ($temp[0] eq 'udp') { + $protocol = $temp[0]; + $status = $Lang::tr{'all'}; + $orgsip = substr $temp[3], 4; + $orgdip = substr $temp[4], 4; + $marked = $temp[7] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[12]) ? $temp[11] : ' '; + } + if ($temp[0] eq 'tcp') { + $protocol = $temp[0]; + $status = $temp[3]; + $orgsip = substr $temp[4], 4; + $orgdip = substr $temp[5], 4; + $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[13]) ? $temp[12] : ' '; + } + + # filter the line if we found a known proto + next if( !( + (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($protocol eq $cgiparams{'SEE_PROTO'} )) + && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($status eq $cgiparams{'SEE_STATE'} )) + && (($cgiparams{'SEE_MARK'} eq $Lang::tr{'all'}) || ($marked eq $cgiparams{'SEE_MARK'} )) + && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($orgsip eq $cgiparams{'SEE_SRC'} )) + && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($orgdip eq $cgiparams{'SEE_DEST'} )) + )); + + if ($temp[0] eq 'icmp') { + my $offset = 0; + $protocol = $temp[0] . " (" . $temp[1] . ")"; + $expires = $temp[2]; + $status = ' '; + if ($temp[8] eq '[UNREPLIED]' ) { + $offset = +1; + } + $orgsip = substr $temp[3], 4; + $orgdip = substr $temp[4], 4; + $orgsp = &General::GetIcmpDescription(substr( $temp[5], 5)) . "/" . substr( $temp[6], 5);; + $orgdp = 'id=' . substr( $temp[7], 3); + $exsip = substr $temp[8 + $offset], 4; + $exdip = substr $temp[9 + $offset], 4; + $exsp = &General::GetIcmpDescription(substr( $temp[10 + $offset], 5)). "/" . substr( $temp[11 + $offset], 5); + $exdp = 'id=' . substr( $temp[11 + $offset], 5); + $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' '; + $use = substr( $temp[13 + $offset], 4 ); + } + if ($temp[0] eq 'udp') { + my $offset = 0; + $marked = ''; + $protocol = $temp[0] . " (" . $temp[1] . ")"; + $expires = $temp[2]; + $status = ' '; + $orgsip = substr $temp[3], 4; + $orgdip = substr $temp[4], 4; + $orgsp = substr $temp[5], 6; + $orgdp = substr $temp[6], 6; + if ($temp[7] eq '[UNREPLIED]') { + $offset = 1; + $marked = $temp[7]; + $use = substr $temp[12], 4; + } else { + if ((substr $temp[11], 0, 3) eq 'use' ) { + $marked = ''; + $use = substr $temp[11], 4; + } else { + $marked = $temp[11]; + $use = substr $temp[12], 4; + } + } + $exsip = substr $temp[7 + $offset], 4; + $exdip = substr $temp[8 + $offset], 4; + $exsp = substr $temp[9 + $offset], 6; + $exdp = substr $temp[10 + $offset], 6; + } + if ($temp[0] eq 'tcp') { + my $offset = 0; + $protocol = $temp[0] . " (" . $temp[1] . ")"; + $expires = $temp[2]; + $status = $temp[3]; + $orgsip = substr $temp[4], 4; + $orgdip = substr $temp[5], 4; + $orgsp = substr $temp[6], 6; + $orgdp = substr $temp[7], 6; + if ($temp[8] eq '[UNREPLIED]') { + $marked = $temp[8]; + $offset = 1; + } else { + $marked = $temp[12]; + } + $exsip = substr $temp[8 + $offset], 4; + $exdip = substr $temp[9 + $offset], 4; + $exsp = substr $temp[10 + $offset], 6; + $exdp = substr $temp[11 + $offset], 6; + $use = substr $temp[13], 4; + } + if ($temp[0] eq 'unknown') { + my $offset = 0; + $protocol = "??? (" . $temp[1] . ")"; + $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50); + $protocol = "ah (" . $temp[1] . ")" if ($temp[1] == 51); + $expires = $temp[2]; + $status = ' '; + $orgsip = substr $temp[3], 4; + $orgdip = substr $temp[4], 4; + $orgsp = ' '; + $orgdp = ' '; + $exsip = substr $temp[5], 4; + $exdip = substr $temp[6], 4; + $exsp = ' '; + $exdp = ' '; + $marked = ' '; + $use = ' '; + } + if ($temp[0] eq 'gre') { + my $offset = 0; + $protocol = $temp[0] . " (" . $temp[1] . ")"; + $expires = $temp[2]; + $orgsip = substr $temp[5], 4; + $orgdip = substr $temp[6], 4; + $orgsp = ' '; + $orgdp = ' '; + $exsip = substr $temp[11], 4; + $exdip = substr $temp[12], 4; + $exsp = ' '; + $exdp = ' '; + $marked = $temp[17]; + $use = $temp[18]; + } + # Only from this point, lines have the same known format/field + # The floating fields [UNREPLIED] [ASSURED] etc are ok. + + # Store the line in a hash array for sorting + if ( $protocol ) { # line is decoded ? + my @record = ( 'index', $index++, + 'protocol', $protocol, + 'expires', $expires, + 'status', $status, + 'orgsip', $orgsip, + 'orgdip', $orgdip, + 'orgsp', $orgsp, + 'orgdp', $orgdp, + 'exsip', $exsip, + 'exdip', $exdip, + 'exsp', $exsp, + 'exdp', $exdp, + 'marked', $marked, + 'use', $use); + my $record = {}; # create a reference to empty hash + %{$record} = @record; # populate that hash with @record + $entries{$record->{index}} = $record; # add this to a hash of hashes + } else { # it was not a known line + $unknownlines .= ""; + $unknownlines .= " unknown:$line>"; + } +} + +# Build listbox objects +my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto); +my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state); +my $menu_src = &make_select ('SEE_SRC', $cgiparams{'SEE_SRC'}, &get_known_ips('orgsip')); +my $menu_dest = &make_select ('SEE_DEST', $cgiparams{'SEE_DEST'}, &get_known_ips('orgdip')); +my $menu_mark = &make_select ('SEE_MARK', $cgiparams{'SEE_MARK'}, @list_mark); +my $menu_sort = &make_select ('SEE_SORT', $cgiparams{'SEE_SORT'}, @list_sort); + +&Header::showhttpheaders(); +&Header::openpage($Lang::tr{'connections'}, 1, ''); +&Header::openbigbox('100%', 'left'); +&Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); + +print < + + + + + + + + + + +
$Lang::tr{'legend'} : $Lang::tr{'lan'}$Lang::tr{'internet'}$Lang::tr{'dmz'}$Lang::tr{'wireless'}IPFire$Lang::tr{'vpn'}$Lang::tr{'OpenVPN'}
+
+ + + + + + + + + + + + + + + + + + + + + +END +; + +foreach my $entry (sort sort_entries keys %entries) { + my $orgsipcolour = &ipcolour( $entries{$entry}->{orgsip} ); + my $orgdipcolour = &ipcolour( $entries{$entry}->{orgdip} ); + my $exsipcolour = &ipcolour( $entries{$entry}->{exsip} ); + my $exdipcolour = &ipcolour( $entries{$entry}->{exdip} ); + print < + + + + + + + + + + +END +; +} + +print "$unknownlines
$Lang::tr{'protocol'}$Lang::tr{'expires'}
($Lang::tr{'seconds'})		$Lang::tr{'connection'}
$Lang::tr{'status'}		$Lang::tr{'original'}
$Lang::tr{'source ip and port'}		$Lang::tr{'original'}
$Lang::tr{'dest ip and port'}		$Lang::tr{'expected'}
$Lang::tr{'source ip and port'}		$Lang::tr{'expected'}
$Lang::tr{'dest ip and port'}		$Lang::tr{'marked'}$Lang::tr{'use'}
$menu_proto $menu_state$menu_src$menu_dest$Lang::tr{'sort ascending'}:$menu_sort $menu_mark
$entries{$entry}->{protocol}$entries{$entry}->{expires}$entries{$entry}->{status} + + $entries{$entry}->{orgsip} + :$entries{$entry}->{orgsp} + + $entries{$entry}->{orgdip} + :$entries{$entry}->{orgdp} + + $entries{$entry}->{exsip} + :$entries{$entry}->{exsp} + + $entries{$entry}->{exdip} + :$entries{$entry}->{exdp}$entries{$entry}->{marked}$entries{$entry}->{use}
"; + +&Header::closebox(); +&Header::closebigbox(); +&Header::closepage(); + +sub ipcolour($) { + my $id = 0; + my $line; + my $colour = ${Header::colourred}; + my ($ip) = $_[0]; + my $found = 0; + foreach $line (@network) { + if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { + $found = 1; + $colour = $colour[$id]; + } + $id++; + } + return $colour +} + +# Create a string containing a complete SELECT html object +# param1: name +# param2: current value selected +# param3: field list +sub make_select ($,$,$) { + my $select_name = shift; + my $selected = shift; + my $select = ""; + return $select; +} + +# Build a list of IP obtained from the %entries hash +# param1: IP field name +sub get_known_ips ($) { + my $field = shift; + my $qs = $cgiparams{'SEE_SORT'}; # switch the sort order + $cgiparams{'SEE_SORT'} = $field; + + my @liste=('*.*.*.*'); + foreach my $entry ( sort sort_entries keys %entries) { + push (@liste, $entries{$entry}->{$field}) if (! grep (/^$entries{$entry}->{$field}$/,@liste) ); + } + + $cgiparams{'SEE_SORT'} = $qs; #restore sort order + return @liste; +} + +# Used to sort the table containing the lines displayed. +sub sort_entries { #Reverse is not implemented + my $qs=$cgiparams{'SEE_SORT'}; + if ($qs =~ /orgsip|orgdip|exsip|exdip/) { + my @a = split(/\./,$entries{$a}->{$qs}); + my @b = split(/\./,$entries{$b}->{$qs}); + ($a[0]<=>$b[0]) || + ($a[1]<=>$b[1]) || + ($a[2]<=>$b[2]) || + ($a[3]<=>$b[3]); + } elsif ($qs =~ /expire|orgsp|orgdp|exsp|exdp/) { + $entries{$a}->{$qs} <=> $entries{$b}->{$qs}; + } else { + $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; + } +} + +1;